security/selinux/include/audit.h

   1 /*
   2  * SELinux support for the Audit LSM hooks
   3  *
   4  * Most of below header was moved from include/linux/selinux.h which
   5  * is released under below copyrights:
   6  *
   7  * Author: James Morris <jmorris@redhat.com>
   8  *
   9  * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
  10  * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
  11  * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
  12  *
  13  * This program is free software; you can redistribute it and/or modify
  14  * it under the terms of the GNU General Public License version 2,
  15  * as published by the Free Software Foundation.
  16  */
  17
  18 #ifndef _SELINUX_AUDIT_H
  19 #define _SELINUX_AUDIT_H
  20
  21 /**
  22  *      selinux_audit_rule_init - alloc/init an selinux audit rule structure.
  23  *      @field: the field this rule refers to
  24  *      @op: the operater the rule uses
  25  *      @rulestr: the text "target" of the rule
  26  *      @rule: pointer to the new rule structure returned via this
  27  *
  28  *      Returns 0 if successful, -errno if not.  On success, the rule structure
  29  *      will be allocated internally.  The caller must free this structure with
  30  *      selinux_audit_rule_free() after use.
  31  */
  32 int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **rule);
  33
  34 /**
  35  *      selinux_audit_rule_free - free an selinux audit rule structure.
  36  *      @rule: pointer to the audit rule to be freed
  37  *
  38  *      This will free all memory associated with the given rule.
  39  *      If @rule is NULL, no operation is performed.
  40  */
  41 void selinux_audit_rule_free(void *rule);
  42
  43 /**
  44  *      selinux_audit_rule_match - determine if a context ID matches a rule.
  45  *      @sid: the context ID to check
  46  *      @field: the field this rule refers to
  47  *      @op: the operater the rule uses
  48  *      @rule: pointer to the audit rule to check against
  49  *      @actx: the audit context (can be NULL) associated with the check
  50  *
  51  *      Returns 1 if the context id matches the rule, 0 if it does not, and
  52  *      -errno on failure.
  53  */
  54 int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
  55                              struct audit_context *actx);
  56
  57 /**
  58  *      selinux_audit_rule_known - check to see if rule contains selinux fields.
  59  *      @rule: rule to be checked
  60  *      Returns 1 if there are selinux fields specified in the rule, 0 otherwise.
  61  */
  62 int selinux_audit_rule_known(struct audit_krule *krule);
  63
  64 #endif /* _SELINUX_AUDIT_H */
  65